The Next Big Innovation in Fintech = Identity

Note: This post was my submission for ‘The Fintech Book’ available to buy here.

Identity is changing. Where historically it was based around family, clan and reputation. It is now governed by state, incumbents in the truest form. Where a plastic card is supposed to be a mechanism for who we are, where we come from, and whether this information is legitimate. Something for which companies and individuals risk their future, and history on.

Identity is a key piece of global infrastructure which underpins every element of our lives.
We now reside in a world too advanced for our current identification infrastructure. As we move from a physical world to a digital world, identity is yet to foster any transformative innovation.

However, it is not just identity that is changing, the concept of money is also being morphed just as profoundly – 2015 is predicted to be the landmark year where digital transactions overtake cash. With the two trends are converging, so all that potentially all we will need for transacting will be our identities. Isn’t the concept of payment just 2 entities exchanging value anyway? If you look at a £10 note, “I promise to pay the bearer”, it is a trust mechanism, except for with physical cash the trust is put on the government bank.

In America, in the early 1950’s, because of a lack of cross-country travel infrastructure, transactions were done within villages and towns. Most merchants knew their customers by name, and would therefore keep a credit book for each customer, with them paying it off each month, for fear of being banned for the store. However with the growth of train networks and roads, people began to move interstate. Judging a person’s creditworthiness became a nigh on impossible.

Then in 1960, an IBM engineer named Forrest Parry was developing a new type of ID card for the CIA when he had an epiphany: Why not make each card a tiny data storage device in and of itself? He cut a short length of half-inch wide magnetic tape from a reel and wrapped it around a blank plastic card, secured it with Scotch tape, and then, at his wife’s suggestion, pressed it on with a warm iron. The magnetic strip was born. When making a payment, this alongside your signature has been the de-facto identity check for over 50 years.

If it ain’t broke, don’t fix it, right?

However, payment data hacking was at an all time high in 2014, with an increase of 21% on the year before. Home Depot believes that a cyberattack earlier that year affected 56 million unique payment cards as part of the largest retail security breach in history.

Javelin Strategy & Research, found that $16 billion was stolen from 12.7 million U.S. consumers in 2014, compared with $18 billion and 13.1 million victims a year earlier. There was a new identity fraud victim every two seconds in 2014.

Identity however, reaches far beyond just payments. A recent New York Times article detailed how a recent healthcare data breach exposed his child to identity theft that could hinder her for the rest of her life, because her Social Security number was stolen. Since 2005, more than 675 million data records have been involved in data breaches in the U.S. alone, according to the Identity Theft Resource Center. With this level of information, fraudsters can create new bank accounts or take out loans under an actual person’s name. The opportunities for fraudsters are largely due to the sheer number of online accounts that people have these days. Experian found that on average, UK residents will have around 26 accounts, while 25-34-year-olds are more likely to have 40, and around 25% just use the same password for most of their accounts, rather than coming up with a unique password per site.

By linking identity and payments, people will argue about data protection and anonymity. My rebuttal consists of the fact that there is a difference between private and anonymous. The use of amazon gift cards in the adult web cam services industry (I found this out through research, not first hand knowledge) means that users need only share an identifier such as email in order to create transaction, therefore creating privacy. Luddites hanging on to the notion of anonymity through cash transactions, don’t have much of a choice. Eric Karson (Professor at the Villanova School of Business) believes that 20 years from now, paper money and coins will be close to extinction, in part because the cost of producing currency will continue to climb, and customer resistance is bound to eventually weaken. “As time passes, more and more consumers will be more comfortable with all things digital. Today’s kids will grow up. There will be less and less separation between their digital life and their life in general”.

So let’s all jump aboard and set sail for a new world of digital identity and trust – there are certain companies in existence trying to steady this ship:

Social login
This has been widely adopted by both businesses and consumers. Allowing users to verify their identities and log in to websites and mobile applications using existing profiles from networks such as Facebook and LinkedIn. Not only creating a more streamlined experience for consumers, it also enables marketers to capture and leverage rich, first-party social identity data, scary, however users clearly don’t mind – Facebook Login was used more than 10 billion times in 2013 alone.

Twitter Digits
In late 2014, social networking company Twitter introduced Digits, a tool that allows users to sign up for mobile apps and authenticate their identities without the need to create new login credentials. Rather than creating new usernames and passwords, consumers can log in using their cell phone numbers – an identification mechanism they already use every day, eliminating password fatigue for users, and reducing the amount of spam or inactive accounts businesses have to deal with. An individual signs up using his or her phone number, receives an SMS code, enters the code into the verification field, and the process is complete.

Apple Touch ID
Introduced for the 5S, it is a combination of biometric fingerprint, GPS location and tokenisation. Natwest and RBS in the UK are currently using instead of passwords for account login, and it is a focal point for security for Apple Pay, taking it beyond debit/credit cards in terms of security. One to watch in the next few years.

Whilst these applications attempt to create a solution to the password problem, I think we need to look deeper and think bigger. I believe Identity is the missing foundational piece to payments, fraud and an overall more secure financial system .

‘Identity’ however, is not a simple notion. People can have many different overlapping identities which are fundamental to their individuality. Identities can exercise a powerful influence on the health and wellbeing of communities, and the degree to which they can build up social capital.

The chief principle of a well-regulated police state is this: That each person shall be at all times and places… recognised as this or the particular person.
Johann Gottlieb Fichte (1796)

Identity is not about control though, it is about honesty.

The internet is currently something reminiscent of the wild west. Except instead of outlaws, there are hackers and fraudsters. Currently the degree to which these black hat entities operate is mainly digital harm. But our digital and physical worlds are becoming blurred, much like payments, they are one, it is about connectivity and interaction. With the advent of robotics, the internet of things and artificial intelligence, it may not be our bank accounts that are hacked, but potentially our airplanes or elderly relative helper robots. I’m very bullish on A.I. in the right hands, it could do more for humanity than any other innovation to date. However in the wrong hands it could be catastrophic, and whose hands those are, relates back to identity.

My vision is for ‘White Space’ on the internet. A concept built on networks, rather than index cards in a filing cabinet. Data being shared between entities to create a more holistic view of an individual or entity. It will be reputation rather than regulation that will animate trust in economic exchange. Politician Edmund Bohun in 1696 stated that, there was no cash in England with the result that ‘no trade is managed but by trust’.

Due to advances in decentralised ledger technology it is now possible for a record, be it a passport or bank account to be encrypted and validated amongst all participants in the network. I’m talking about the blockchain, the infrastructure on which Bitcoin sits. Currently the biggest decentralised ledger in 2015, and therefore the most failsafe, as with networks, size matters. To all of those involved in blockchain technology, it sounds unscalable, and it is, there will have to be efficiencies created around this, as the network grows, not every record will need to be hashed on every node. The key is in the power of the network making the information stored irrefutable to tampering, and therefore trusted.

We can then create a safe harbour where only ‘validated identities’ can interact and transact, where people are permanently connected to the network. But it has to go deeper than just being logged in biometrically to a phone, it has to be a web of connectivity with regular touch points confirming or questioning identity. This web of information would essentially create a self-policing network, that doesn’t need to be snooped on or monitored in ways it currently is. It would therefore take us back to something reminiscent of the 17th century, and the importance of reputation. A time where individuals took pride in their manner and decorum through all aspects of their business, social and personal life. Something I think everyone would agree, can only help civilisation at present.